Recent versions of OpenSSL were found to be affected by an information disclosure
vulnerability related to TLS heartbeats, nicknamed Heartbleed. It allows attackers
to read up to 64kb of random server memory, possibly including passwords, session
IDs or even private keys.

After the public disclosure on April 7, we have confirmed that several services
provided by Gentoo Infrastructure were vulnerable as well.
We have immediately updated the affected software, recreated private keys, reissued
certificates, and invalidated all running user sessions. Despite these measures, we
cannot exclude the possibility of attackers exploiting the issue during the time it
was not publicly known to gain access to credentials or session IDs of our users.
There are currently no indications this has happened.

However, to be safe, we are asking you to reset your passwords used for Gentoo
services within the next 7 days.
You need to take action if you have an account on one of the following sites: